The Prayas ePathshala

Exams Are Easy!

02 September 2024 – The Hindu

Ransomware Attack Severely Disrupts Bank Operations in India

Why in News?

  • A recent ransomware attack has caused significant disruptions in the operations of around 150-200 cooperative banks and Regional Rural Banks (RRBs) across India. This cyberattack has been identified by the National Payments Corporation of India (NPCI) and has predominantly affected banks that rely on the services of C-Edge Technologies Ltd., a joint venture between Tata Consultancy Services Ltd. (TCS) and the State Bank of India (SBI).

Impact of the Ransomware Attack on Banks:

  • Targeted Service Provider: The attack primarily targeted C-Edge Technologies Ltd., crippling their ability to service cooperative banks and RRBs.
  • Customer Access Issues: Due to the attack, customers of these banks were unable to access crucial payment systems, including the Unified Payments Interface (UPI) and Aadhaar-enabled payment systems (AePS).
  • Differing Impacts on RRBs: Some RRBs, depending on their association with sponsor banks, managed to continue operations normally since they utilized different technology service providers.

Broader Implications for the Payment Ecosystem:

  • Vulnerability Highlighted: This incident brings to light the critical dependence on technology service providers in maintaining the stability of the payment infrastructure.
  • Need for Enhanced Cybersecurity: The event underscores the urgent need for more robust cybersecurity measures to safeguard against similar future attacks.
  • Collaborative Effort Required: Swift and effective collaboration between NPCI, banks, and technology providers is essential to mitigate the impact of such cyber disruptions.
  • Note: AePS is a bank-led model allowing online financial transactions at Point of Sale (PoS) or micro-ATMs through any bank’s Business Correspondent using Aadhaar authentication. NPCI, a joint initiative by the Reserve Bank of India (RBI) and the Indian Banks’ Association (IBA), introduced AePS to provide easy and secure banking services, particularly for the poor and marginalized in rural and remote areas.

Understanding Ransomware:

  • Definition: Ransomware is a type of malicious software that encrypts the victim’s data or locks their device, demanding a ransom for the decryption key or to regain access.
  • Evolution of Attacks: Initially, ransomware attacks focused on data encryption. However, modern attacks have evolved, incorporating tactics such as:
      • Double-extortion: Threatening to leak stolen data if the ransom is not paid.
      • Triple-extortion: Utilizing stolen data to pressure the victim’s customers or business partners.

Types of Ransomware:

  • Encrypting Ransomware (Crypto Ransomware): Encrypts data and demands a ransom for the decryption key.
  • Non-encrypting Ransomware (Screen-locking Ransomware): Locks the device entirely, displaying a ransom demand on the screen.

Other Subcategories:

  • Leakware/Doxware: Steals and threatens to publish sensitive data.
  • Mobile Ransomware: Targets mobile devices, often using screen-lockers.
  • Wipers: Destroys data, sometimes even if the ransom is paid.
  • Scareware: Uses fear tactics to coerce payment, often posing as legitimate alerts.

Ransomware as a Cyber Threat:

  • Financial Impact: Ransomware attacks can result in massive financial losses. An IBM report indicated that the average cost of a data breach in FY 2024 reached an all-time high of Rs 19.5 crore (USD 2.35 million), with the local industrial sector being the most impacted.
  • Speed of Attacks: Once attackers gain access to a network, they can deploy ransomware within days, leaving organizations with limited time to respond.

Response Steps:

  • Containment: Isolate infected devices from the network to prevent further spread.
  • Identification: Determine the entry point and identify the type of ransomware.
  • Restoration: Prioritize restoring critical systems first, then eliminate the threat from the network. If backups are available, restore systems from backups; otherwise, explore decryption options.

How Ransomware Infects Systems:

  • Phishing: Cyberattacks using social engineering to deceive victims into downloading ransomware through malicious attachments or links.
  • Exploiting Vulnerabilities: Leveraging existing or zero-day vulnerabilities to inject ransomware.
  • Credential Theft: Using stolen credentials to deploy ransomware.
  • Other Malware: Utilizing other malware (e.g., Trojans) to spread ransomware.
  • Drive-by Downloads: Infecting devices through compromised websites.
  • Ransomware as a Service (RaaS): Allows cybercriminals to use ransomware developed by others in exchange for a share of the ransom.

Notable Ransomware Variants:

  • Akira Ransomware
  • LockBit Ransomware
  • CryptoLocker: Credited with kick-starting the modern ransomware era in 2013.
  • WannaCry: A cryptoworm that affected over 200,000 computers in 150 countries in 2017.
  • Petya/NotPetya: Encrypts the file system table, preventing computers from booting.
  • Ryuk: Popularized targeting high-value targets.
  • DarkSide: Responsible for the Colonial Pipeline attack in 2021.
  • Locky: Utilizes macros in email attachments to infect devices.
  • REvil: Known for big-game hunting and double-extortion attacks.
  • Conti: Operated as a RaaS scheme, using double-extortion tactics.

Legal Frameworks to Combat Ransomware in India:

  • Indian Penal Code 1860 and IT Act 2000: Ransomware attacks constitute various offenses under these laws.

Relevant Sections of IT Act:

  • Sections 43 and 66: Pertain to damage to computer systems.
  • Section 65: Relates to tampering with computer source documents.
  • Section 66D: Concerns cheating by personation.
  • Obligations for Corporate Bodies: Those handling sensitive personal data must implement reasonable security practices as mandated by IT Rules.
  • Punishments: Under the IT Act, penalties for ransomware attacks include imprisonment of three to seven years and fines of up to Rs. 1 crore.
  • Ransomware Task Force (RTF): A specialized unit within India’s National Cyber Security Coordinator (NCSC), providing assistance to ransomware victims in investigation, recovery, and prevention.
  • RBI’s Cybersecurity Framework for the Banking Sector, 2018: Mandates specific guidelines for banks and financial institutions to protect against cyber threats, including multi-factor authentication, encryption, and regular security audits.

Way Forward:

  • Strengthening Cybersecurity: Banks and technology service providers must implement robust cybersecurity measures, including endpoint protection, network security, data backup, and employee training. Improved threat detection and prevention have led to an 11.5% decline in ransomware infections between 2022 and 2023.
  • Centralized Threat Intelligence: Establish a centralized platform for sharing threat intelligence among banks and financial institutions.
  • Robust Data Backup and Recovery Plans: Implement comprehensive backup and recovery procedures, including offline backups, and develop business continuity plans to ensure minimal disruption in the event of an attack.
  • Enhanced Security Standards: Conduct thorough security assessments of third-party vendors and partners, and improve incident response capabilities to mitigate the impact of cyberattacks. Obtaining relevant cybersecurity certifications can demonstrate a strong commitment to security.
